authorRob Crittenden <rcritten@redhat.com>2009-12-01 17:17:15 -0500
committerJason Gerard DeRose <jderose@redhat.com>2009-12-01 23:18:05 -0700
commit4348b5f8c4677443f47f3d5c906549825b25ec72 (patch)
treeb918d4823a729e476ff4a5656f01a3220479c505 /ipalib/plugins/service.py
parentcb4c0d6caf73c1a35970a6614d5be83c6e3d5434 (diff)
Add NotImplementedError type so CA plugins can return client-friendly errors
Ignore NotImplementedError when revoking a certificate as this isn't implemented in the selfsign plugin. Also use the new type argument in x509.load_certificate(). Certificates are coming out of LDAP as binary instead of base64-encoding.
Diffstat (limited to 'ipalib/plugins/service.py')
-rw-r--r--ipalib/plugins/service.py13
1 files changed, 10 insertions, 3 deletions
diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py
index c88695e42..93b9e2b70 100644
--- a/ipalib/plugins/service.py
+++ b/ipalib/plugins/service.py
@@ -27,15 +27,18 @@ from ipalib import api, errors
from ipalib import Str, Flag, Bytes
from ipalib.plugins.baseldap import *
from ipalib import x509
+from pyasn1.error import PyAsn1Error
def get_serial(certificate):
"""
Given a certificate, return the serial number in that cert.
"""
+ if type(certificate) in (list, tuple):
+ certificate = certificate[0]
try:
- serial = str(x509.get_serial_number(certificate))
- except crypto.Error:
+ serial = str(x509.get_serial_number(certificate, type=x509.DER))
+ except PyAsn1Error:
raise errors.GenericError(
format='Unable to decode certificate in entry'
)
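Review bot: The new unwrapping at `certificate = certificate[0]` sits outside the `try`, so an empty list or tuple raises a bare IndexError instead of the GenericError this function otherwise reports, and every value after the first is silently ignored. service_del uses the returned serial to decide what to revoke, so a multi-valued usercertificate (if the schema allows one here) would leave the remaining certificates unrevoked. I would write the check as `if isinstance(certificate, (list, tuple)):` and either reject sequences whose length is not 1 or have the caller iterate over every value. Only PyAsn1Error is caught, so other failures on malformed DER may escape as unhandled exceptions; that depends on x509.get_serial_number, which is not shown. The body of get_serial continues past the end of this hunk.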
@@ -186,7 +189,11 @@ class service_del(LDAPDelete):
cert = entry_attrs.get('usercertificate')
if cert:
serial = unicode(get_serial(cert))
- self.api.Command['cert_revoke'](serial, revocation_reason=5)
+ try:
+ self.api.Command['cert_revoke'](serial, revocation_reason=5)
+ except errors.NotImplementedError:
+ # selfsign CA doesn't do revocation
+ pass
return dn
api.register(service_del)
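Review bot: The `except errors.NotImplementedError:` branch with `pass` lets the service be deleted while its certificate stays valid, and nothing records that revocation was skipped. I would log the serial at warning level in that branch through whatever logger the plugin exposes, so an operator can later find certificates that outlived their service entry. The comment could state the consequence as well, for example `# selfsign CA cannot revoke; the certificate stays valid after the service entry is removed`. Any other error from cert_revoke still propagates and presumably aborts the delete, which looks like the right fail-closed behaviour but is worth a short comment. The enclosing method starts above this hunk.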